Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality

vendor:

Time Tracker

by:

Mufaddal Masalawala

7.5

CVSS

HIGH

Denial of Service

307

CWE

Product Name: Time Tracker

Affected Version From: 1.19.23.5311

Affected Version To: Prior versions

Patch Exists: YES

Related CWE: CVE-2020-27423

CPE: a:anuko:time_tracker

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Kali Linux 2020.3

2020

Anuko Time Tracker 1.19.23.5311 – No rate Limit on Password Reset functionality

Anuko Time Tracker v1.19.23.5311 and prior, lacks rate limit on the password reset module which allows attackers to perform Denial of Service attack on any legitimate user's mailbox. Attacker could perform Denial of Service on a legitimate user's mailbox. To exploit this vulnerability, the attacker needs to go to the 'Password Reset' module and enter any user's login name, click on 'Reset Password' and capture this request, and replay this request n number of times.

Mitigation:

Upgrade to the latest version of Anuko Time Tracker

Source

Exploit-DB raw data:

#Exploit Title: Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
#Date: 2020-11-11
#Exploit Author: Mufaddal Masalawala
#Vendor Homepage: https://www.anuko.com/
#Software Link: https://www.anuko.com/time-tracker/index.htm
#Version: 1.19.23.5311
#Tested on: Kali Linux 2020.3
#CVE: CVE-2020-27423
#Proof Of Concept:
Anuko Time Tracker v1.19.23.5311 and prior, lacks rate limit on the
password reset module which allows attackers to perform Denial of Service
attack on any legitimate user's mailbox. Attacker could perform Denial of
Service on a legitimate user's mailbox
To exploit this vulnerability:

   1. Goto 'Password Reset' module and enter any user's login name
   2. Click on 'Reset Password' and capture this request.
   3. Replay this request n number of times.
   4. The victim receives a password reset email the number of times the
   request is replayed.